Preventing Remote NAT Detection (randomizing IP id fields)

Viewing 1 post (of 1 total)
  • #355522
    Anonymous
    Participant

    You’ve probably heard a bit about the research paper explaining how many hosts behind NAT can be determined remotely (if not, take a look at http://www.research.att.com/~smb/papers/fnat.pdf ). Just recently, a real application of this was created. ( http://www.sflow.org/detectNAT/ )

    It’s not very hard to randomize the IP id I think, and OpenBSD does it by default. Does anyone know if Mac OS X does this? If not, is there a little sysctl function that one could use to randomize the IP id? If there’s no function, anyone got ideas on a patch for the kernel to do this?

    Galen P. Zink
    blue and white g3 at soft home dot net
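
Why randomizing the field defeats the host counting the post refers to, as an added example that is not part of the original post or of either linked project: a simulation in which each host behind the NAT either increments its own IP ID counter or draws the ID at random, and a simplified observer groups the IDs it sees into increasing chains. The function names, the starting counters, the `max_gap` threshold and the uniform random generator are assumptions made for the illustration.

```python
import random

ID_SPACE = 0x10000  # the IPv4 Identification field is 16 bits

def nat_stream(n_hosts, n_packets, randomize, seed=1):
    """Constructed sample: IP ID values an outside observer sees from one NAT address."""
    rng = random.Random(seed)
    # Every host sends the same number of packets, interleaved in shuffled order.
    order = [i % n_hosts for i in range(n_packets)]
    rng.shuffle(order)
    # Assumed starting counters, spaced far apart so the chains cannot collide.
    counters = [(500 + 9001 * h) % ID_SPACE for h in range(n_hosts)]
    stream = []
    for h in order:
        if randomize:
            stream.append(rng.randrange(ID_SPACE))  # no per-host pattern survives
        else:
            counters[h] = (counters[h] + 1) % ID_SPACE  # one global counter per host
            stream.append(counters[h])
    return stream

def count_sequences(stream, max_gap=64):
    """Group IDs into increasing chains; with counters, one chain is about one host."""
    tails = []  # last IP ID placed in each chain
    for ipid in stream:
        best = None
        for i, tail in enumerate(tails):
            gap = (ipid - tail) % ID_SPACE  # modular, so counter wrap-around is handled
            if 0 < gap <= max_gap and (best is None or gap < best[0]):
                best = (gap, i)
        if best is None:
            tails.append(ipid)       # nothing close enough: start a new chain
        else:
            tails[best[1]] = ipid    # extend the closest chain
    return len(tails)

if __name__ == "__main__":
    for randomize in (False, True):
        estimate = count_sequences(nat_stream(4, 200, randomize))
        print(f"randomized={randomize}: chains found = {estimate}")
```

With per-host counters the chain count equals the number of hosts; with random IDs it tracks the number of packets instead, so it says nothing about how many machines share the address.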
